2. tar xvzf apf-current.tar.gz
3. cd apf-9.7-1
4. ./install.sh
You must run the installation as root because configuration files are placed in /etc/. Once this is done, you will have an initscript to start APF in /etc/init.d/ and the configuration files located in /etc/apf/. The primary configuration file is /etc/apf/conf.apf.
To configure the firewall, edit /etc/apf/conf.apf. A few important variables to set include:
EGF="1" # enable outbound packet filtering
IFACE_IN="eth0" # inbound interface to filter
IFACE_OUT="eth0" # outbound interface to filter
DEVEL_MODE="1"
The DEVEL_MODE option should only be used during testing. This sets up a cronjob that runs every five minutes to disable the firewall — useful if you muck something up. When the firewall is working, you must set DEVEL_MODE=”0″. Change the IFACE_IN and IFACE_OUT ports to suit your system; on a VPS it might be “venet0″, for instance.
Next, you will need to define which ports are allowed.
There are a lot of other entries in the configuration file and it’s likely worth reading them over and tweaking as necessary. For the most part, the defined defaults are fine. The only exception is if you are using a kernel with the iptables module compiled into the kernel, rather than available as a loadable module, which is often the case for a VPS. In that case you will need to also set SET_MONOKERN=”1″ in the configuration file as well.
then /etc/init.d/apf restart
You are done!
No comments:
Post a Comment